Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

option to authenticate in my application

Status
Not open for further replies.

lpmartineau

Technical User
Dec 20, 2004
26
CA
Hello everyone,

I need some guidance as what I should be looking into to read to get this going.

I have a page. lets just say a simple with with a menu, this page is public. I will have a user name and password field, if they log in and are part of a group I create (this part will be database driven) then they get a second menu with pages that are not available to others.

I have successfully created an authentication page but it forces you to log in. you can't see the "default" menu without logging in.

Any ideas?

Thank you

Luc
 
You said you created a successful authentication page where the user can log in, so what happens after they log in? Is the user forced to re-login again?

If the user's that login are part of a specific group, and only that group can see the second menu choice, then do a <cfif> around the 2nd menu choice.

Something like this:
<cfif getUserLogin.groupType EQ "1">
<cfinclude template="2ndMenu.cfm">
</cfif>

Of course you'll have to first check if the user is logged in (since you're authentication code works then this shouldn't be a problem).




____________________________________
Just Imagine.
 
or in your application file you can do this :

<cfset linksWithOutLogin = "/enroll.cfm,....">
<!--- Forcing user the log in --->
<cfif NOT IsDefined("SESSION.Auth.IsLoggedIn") AND ListFindNoCase(linksWithOutLogin, CGI.SCRIPT_NAME,",") NEQ 0>
<cfif IsDefined("FORM.UserLogin")>
<cfinclude template="LoginCheck.cfm">
</cfif>
<cfinclude template="LoginPage.cfm">
<cfabort>
</cfif>

hope it helps...

 
Right now my application forces folks to log in, if you go to any page in my folder it asks you to log in.

I want it sort of like a forum. You get a standard page no matter what. if you do happen to log in then you can view hidden content.

know what I mean?

Thanks

Luc
 
when the login is successful, you create a variable called:

<cfset SESSION.Auth.IsLoggedIn = 'True'>

then in your pages you can do

<cfif IsDefined("SESSION.Auth.IsLoggedIn")>
display menu2
<cfelse>
display menu1
</cfif>

or you can implement what GUJUmodel started. just assign users a group type and change that group type after they login.

hope it helps...

 
the problem with that is it forces them to log in.

lets say I have a folder on my server called Auth_test
so someone hits instead of index.cfm they automaticlly get login.cfm because of the application.cfm file.

I would rather have them get a an actual index.cfm page, with a banner at the top and a menu down the side etc a regular standard old webpage.
but at the top is also a login/password field, where if they so choose they can log in if they have an account, if they do login then they come back to the same page after authenticating but now they have an admin menu or other spcial none public items.

I am still very new to Cold Fusion.

Thank you

Luc
 
ok, then please put this piece in your application.cfm

<cfset linksWithOutLogin = "/auth_test.cfm,/index.cfm">
<!--- Forcing user the log in --->
<cfif NOT IsDefined("SESSION.Auth.IsLoggedIn") AND ListFindNoCase(linksWithOutLogin, CGI.SCRIPT_NAME,",") NEQ 0>
<cfif IsDefined("FORM.UserLogin")>
<cfinclude template="LoginCheck.cfm">
</cfif>
<cfinclude template="LoginPage.cfm">
<cfabort>
</cfif>

this way, when somebody hits auth_test.cfm, Cold fusion will not bring up the login page.

loginCheck.cfm simply validates the user and if it does, it creates bunch of session scope variables.
if the page you are hitting requires validation ( not defined in the linksWithOutLogin variable), it brings up the loginpage.cfm.
hope it helps...

 
AH, I get it now, I understand the code.

will give it a try.

thank you for your time.

Luc
 
Hi,

I tried it today with my application and its not working right. now it allows me to access any page no matter what :D so I went from one extreme to the other.

here is what is in my Application.cfc

Code:
<cfcomponent output="false">
<cfset this.name="secureSite">
<cfset this.sessionManagement=true>


<cffunction name="onApplicationStart" output="false" returnType="void">

        <cfset APPLICATION.dataSource = "ss">
        <cfset APPLICATION.companyName = "Service Desk">

</cffunction>

<cffunction name="onRequestStart" output="false" returnType="void">

<cfset linksWithOutLogin = "auth_test.cfm,index.cfm,test.cfm">
<!--- Forcing user the log in --->
<cfif NOT IsDefined("SESSION.auth.isLoggedIn") AND ListFindNoCase(linksWithOutLogin, CGI.SCRIPT_NAME,",") NEQ 0>
  <cfif IsDefined("FORM.cfUserName")>
     <cfinclude template="login.cfm">
  </cfif>
  <cfinclude template="ldapform.cfm">
  <cfabort>
</cfif>
</cffunction>



</cfcomponent>
 
lpmartineau, I construct me auth process somewhat differently. I place following in header via a <cfinclude>

Code:
<!--- IF THE APPLICATIONA AND SESSION TIMES OUT (OR DOES NOT EXIST), REDIRECT THE USER TO THE MAIN PAGE SO THEY CAN LOG BACK IN --->
  <cfif isdefined("SESSION") and  isdefined("APPLICATION")>
    <cfif not isdefined("SESSION.User") and not isdefined("APPLICATION.User")>
      <cflocation url="/index.cfm?Status=14" addtoken="no">
    <cfelse>
      <!--- DO NOTHING --->
    </cfif>
  </cfif>

That will check for the existance of the user in both the SESSIoN scope and APPLICATION scope. If it does not exist it redirects to the index page, and if it does exist it does nothing.

____________________________________
Just Imagine.
 
I added the /'s and it still don't work properly.

I can get to any page in my folder. so the Application.cfc is not working properly.

Any ideas why the above code lets people access any of the files in my folder?

thanks

Luc
 
what does ldapform.cfm do?

<cfif IsDefined("FORM.cfUserName")>
<cfinclude template="login.cfm">
</cfif>
<cfinclude template="ldapform.cfm>

<cfif IsDefined("FORM.cfUserName")>
<cfinclude template="login.cfm">
</cfif>
<cfinclude template="ldapform.cfm">
<cfabort>
</cfif>

what is form.cfUserName ? the idea here is if the template that the user hits is not in the list, then let the user see without login otherwise force the user to login. if the user entered their login, go check the login info, otherwise abort.

<cfif NOT IsDefined("SESSION.Auth.IsLoggedIn") AND ListFindNoCase(linksWithOutLogin, CGI.SCRIPT_NAME,",") NEQ 0>
<cfif IsDefined("FORM.UserLogin")>
<cfinclude template="LoginCheck.cfm">
</cfif>
<cfinclude template="LoginPage.cfm">
<cfabort>
</cfif>

hope it helps...


 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top